CVE-2025-11738 is a vulnerability classified under CWE-73 (External Control of File Name or Path) affecting the Media Library Assistant plugin for WordPress, specifically versions up to and including 3.29. The vulnerability is located in the mla-stream-image.php file, which improperly handles user-supplied input to specify file paths. This flaw allows unauthenticated attackers to perform limited arbitrary file reading on the server, targeting files with extensions such as AI (Adobe Illustrator), EPS (Encapsulated PostScript), PDF, and PS (PostScript). These file types often contain sensitive or proprietary information, and unauthorized access could lead to information disclosure. The vulnerability does not require authentication or user interaction, increasing its risk profile. The CVSS 3.1 base score is 5.3 (medium severity), reflecting the network attack vector, low attack complexity, and no privileges or user interaction required. The impact is limited to confidentiality, with no integrity or availability effects. No patches or known exploits are currently reported, but the vulnerability is publicly disclosed and should be addressed promptly. The plugin is widely used in WordPress environments, which are prevalent in many European organizations for content management and digital asset handling.

For European organizations, the primary impact of CVE-2025-11738 is the potential unauthorized disclosure of sensitive documents stored on web servers running vulnerable versions of the Media Library Assistant plugin. This could include intellectual property, internal reports, or confidential client information embedded in AI, EPS, PDF, or PS files. Such information leakage could lead to reputational damage, regulatory non-compliance (e.g., GDPR concerns if personal data is exposed), and potential competitive disadvantage. Since the vulnerability does not allow file modification or deletion, the risk to system integrity and availability is low. However, the ease of exploitation (no authentication or user interaction needed) increases the likelihood of opportunistic scanning and data harvesting attacks. Organizations relying heavily on WordPress for digital content management and those hosting sensitive media files are at greater risk. The absence of known exploits in the wild suggests limited active exploitation currently, but the public disclosure may prompt attackers to develop exploits.

1. Monitor the vendor’s official channels for a security patch and apply updates to the Media Library Assistant plugin immediately upon release. 2. Until a patch is available, restrict access to the mla-stream-image.php file via web server configuration (e.g., using .htaccess rules or equivalent) to block unauthenticated external requests. 3. Implement strict file permissions on the server to prevent unauthorized reading of sensitive AI, EPS, PDF, and PS files by the web server user. 4. Conduct an audit of all sensitive documents stored within the WordPress media library and consider relocating highly sensitive files outside the web root or using encrypted storage. 5. Employ Web Application Firewalls (WAFs) with custom rules to detect and block suspicious requests targeting mla-stream-image.php or unusual file access patterns. 6. Regularly review WordPress plugin usage and remove or replace plugins that are no longer maintained or have known vulnerabilities. 7. Educate site administrators on the risks of using vulnerable plugins and the importance of timely updates.